Security (Week 14)
Computer Networks (Jaringan Komputer, IKI-20240)
Johny Moningka
Fakultas Ilmu Komputer, Universitas Indonesia
Semester 2003/2004, Version: 1.1

Agenda
• What is security?
• Why do we need security?
• Security framework
• Common security attacks and countermeasures
  • Firewalls & Intrusion Detection Systems
  • Denial of Service Attacks
Peterson & Davie: Ch. 8.4
Source slides: Justin Weisz
Fasilkom UI v-1.1

What is “Security”
Dictionary.com says:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as:
  • 1. A group or department of private guards: Call building security if a visitor acts suspicious.
  • 2. Measures adopted by a government to prevent espionage, sabotage, or attack.
  • 3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.
…etc.

Why do we need security?
• Protect vital information while still giving access to those entitled to it (services)
  • Trade secrets, medical records, etc.
• Provide authentication and access control mechanisms for resources
  • Sharing & passwords, encryption (public key)
• Guarantee availability of resources
  • Ex: 5 9’s (99.999% reliability)

Security Framework
Security foundations
• IT resource management aspects, i.e. physical security and how to deal with social problems (“people can be just as dangerous as unprotected computer systems”).
• Three main factors that determine the need for a security policy:
  • Threat factor: Is there a threat?
  • Vulnerabilities factor: Is anything vulnerable?
  • Risk factor: Is there a risk?

Basic TCP/IP
• End hosts create IP packets, and routers process them based on the destination IP address in the packet.
• Problem – End host may lie about other fields and not affect delivery
• Source address – host may trick destination into believing that packet is from trusted source
  • Many applications use the IP address as a simple means of validation/authentication.

Common security attacks
Attack => countermeasure:
• Finding a way into the network => Firewalls
• Exploiting software bugs, buffer overflows => Intrusion Detection Systems
• Denial of Service => IDS
• TCP hijacking => IPSec (encryption, support for IP)
• Packet sniffing => Encryption (SSH, SSL, HTTPS, at the application level)
• Social problems => Education ??

Firewalls
• Basic problem – many network applications and protocols have security problems that are fixed over time
• Difficult to implement at the user level and across a large number of hosts (controlled & managed)
• Solution
  • Administrators limit access to end hosts by using a firewall
  • Firewall is kept up-to-date by administrators

Firewalls (Ch. 8.4)
• A specially programmed router that separates the “site” from the external network
  • Router => connects & forwards packets
  • Filter => restricts the packets that can be forwarded (drop)

Firewalls
• Example: the firewall discards IP packets with particular addresses (source, destination) or TCP port numbers (restricted services)
• A firewall is like a castle with a drawbridge
  • Only one point of access into the internal network
  • This can be good or bad (Why?)
• Can be hardware or software
  • Ex. Some routers come with firewall functionality
  • ipfw, ipchains, pf on Unix systems, Windows XP and Mac OS X have built in firewalls

Firewalls
[Figure: network diagram with the labels Internet, DMZ, Firewall, Firewall, “Web server, email server, web proxy, etc” and Intranet]

Firewalls
• Used to filter packets based on a combination of features
• These are called packet filtering firewalls
  • There are other types too, but they will not be discussed
• Ex. Drop packets with destination port of 23 (Telnet)
• Can use any combination of IP/UDP/TCP header information
• man ipfw on Linux/Unix for much more detail

Firewalls
Here is what a computer with a default Windows XP install looks like:
    135/tcp open loc-srv
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds
    1025/tcp open NFS-or-IIS
    3389/tcp open ms-term-serv
Might need some of these services, or might not be able to control all the machines on the network

Firewalls
• What does a firewall rule look like?
  • Depends on the firewall used
• Example: ipfw
    /sbin/ipfw add deny tcp from cracker.evil.org to wolf.tambov.su telnet
• Other examples: WinXP & Mac OS X have built in and third party firewalls
  • Different graphical user interfaces
  • Varying amounts of complexity and power

Filter-Based Firewalls
Packet filters
• A set of filters, each associated with the action to take on a packet (per-packet basis)
• There are rules and a table (of IP addresses) that must be satisfied for a packet to be forwarded.
• Action: forward or discard.
• Typically a difficult balance between the access given and the ability to run applications
  • E.g. FTP often needs inbound connections on arbitrary port numbers – either make it difficult to use FTP or limit its use
• A common solution, bundled with today's modern routers (an add-on software module on the router)

Filter-Based Firewalls
• Table: characterizes a “logical connection” as a 4-tuple: source (IP addr, TCP port), destination (IP addr, TCP port)
• Block (Deny): (192.12.13.14, 1234, 128.7.6.5, 80)
  • Filters packets from port 1234 on host 192.12.13.14 destined for host 128.7.6.5, port 80.
• Deny: (*, *, 128.7.6.5, 80)
• Note: the common implementation is to block (deny) everything except particular ports:
  • Allow: (*, *, 128.7.6.5, 25) => only allow SMTP to a particular host; other traffic is blocked.
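
The 4-tuple table above as a first-match packet filter, comparing the two deny tuples (everything else forwarded) with the allow-only rule (everything else denied) on the same packets. This is an added example, not part of the original slides; first-match ordering, the `shadowed` rule-audit helper and the sample packets are assumptions.

```python
from typing import NamedTuple

ANY = "*"  # wildcard, written as on the slide: (*, *, 128.7.6.5, 80)

class Rule(NamedTuple):
    action: str        # "allow" or "deny"
    src_ip: str
    src_port: object   # int or ANY
    dst_ip: str
    dst_port: object   # int or ANY

def matches(rule, pkt):
    """True if every rule field is a wildcard or equals the packet's field."""
    return all(r == ANY or r == p for r, p in zip(rule[1:], pkt))

def decide(rules, pkt, default):
    """First matching rule wins (assumed); `default` applies when none matches."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default

def covers(earlier, later):
    """True if `earlier` matches every packet that `later` matches."""
    return all(e == ANY or e == l for e, l in zip(earlier[1:], later[1:]))

def shadowed(rules):
    """Rules that can never fire because an earlier rule already covers them."""
    return [r for i, r in enumerate(rules) if any(covers(e, r) for e in rules[:i])]

# The slide's two deny tuples, with everything else forwarded (default allow).
BLOCKLIST = [
    Rule("deny", "192.12.13.14", 1234, "128.7.6.5", 80),
    Rule("deny", ANY, ANY, "128.7.6.5", 80),
]
# The slide's "common implementation": allow SMTP to one host, deny the rest.
ALLOWLIST = [Rule("allow", ANY, ANY, "128.7.6.5", 25)]

# Constructed sample packets: (src IP, src port, dst IP, dst port).
PACKETS = [
    ("192.12.13.14", 1234, "128.7.6.5", 80),   # the slide's blocked connection
    ("10.0.0.9", 40000, "128.7.6.5", 25),      # SMTP to the mail host
    ("10.0.0.9", 40001, "128.7.6.5", 23),      # Telnet, named in neither list
]

def compare():  # (blocklist verdict, allowlist verdict) per sample packet
    return [(decide(BLOCKLIST, p, "allow"), decide(ALLOWLIST, p, "deny")) for p in PACKETS]

if __name__ == "__main__":
    print(compare(), shadowed(BLOCKLIST[::-1]))
```

The Telnet packet is forwarded by the deny-list rules and dropped by the allow-only rule, and putting the wildcard deny first makes the host-specific deny unreachable.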

Proxy-Based Firewalls
• Proxy: a general term in networking => a process that sits between the client and server processes.
  • From the client's side => the proxy stands in for the server
  • From the server's side => the proxy stands in for the client
• Generally a proxy => is tied to an application context:
  • Able to interpret traffic at the application level (e.g. a cache proxy => serves the requested file from the local cache, even though the URL points to external networks).
• Security: a proxy can enforce a security policy when providing an application's services.

Example
• Suppose: a policy to restrict access to particular directories (files) on the Web server for particular users/remote sites.
  • Filtering on port 80 is not effective, because it blocks all access.
  • Denying particular URLs cannot be done with “packet filtering”.
• HTTP proxy:
  • Remote user establishes an HTTP/TCP connection to the proxy.
  • Proxy checks the URL: allowed/denied for the source host.
  • If allowed, the proxy establishes a second HTTP/TCP connection to the server.
  • If denied, the proxy returns an error to the remote user.
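
The HTTP proxy steps above as a policy check on source host and URL path, a decision a port-80 packet filter cannot express. This is an added example, not part of the original slides; the `/private` prefix, the 10.1.0.0/16 network, `fake_server` and the sample requests are hypothetical.

```python
import ipaddress
import posixpath
from urllib.parse import unquote

# Hypothetical policy: protected path prefix -> networks allowed to request it.
POLICY = {"/private": [ipaddress.ip_network("10.1.0.0/16")]}

def normalize(target):
    """Reduce a request target to the decoded, dot-free path the server would serve,
    so equivalent spellings of one path get the same decision."""
    path = unquote(target.split("?", 1)[0])
    return "/" + posixpath.normpath(path or "/").lstrip("/")

def allowed(src_ip, path, policy):
    """Policy lookup keyed on the source host AND the URL path."""
    src = ipaddress.ip_address(src_ip)
    for prefix, nets in policy.items():
        if path == prefix or path.startswith(prefix + "/"):
            return any(src in net for net in nets)
    return True  # paths without a policy entry are open to every source

def proxy(src_ip, request_line, upstream, policy=POLICY):
    """The slide's steps: check the URL for this source, then forward or return an error."""
    parts = request_line.split()
    if len(parts) != 3:
        return 400, "Bad Request"
    method, target, _version = parts
    path = normalize(target)
    if not allowed(src_ip, path, policy):
        return 403, "Forbidden"        # denied: no second connection is opened
    return upstream(method, path)      # stands in for the proxy-to-server connection

FORWARDED = []  # what the constructed internal server actually received

def fake_server(method, path):
    FORWARDED.append((method, path))
    return 200, "served " + path

if __name__ == "__main__":
    for src, line in [  # constructed requests
        ("10.1.2.3", "GET /private/report.html HTTP/1.1"),
        ("203.0.113.7", "GET /private/report.html HTTP/1.1"),
        ("203.0.113.7", "GET /public/../%70rivate/report.html HTTP/1.1"),
        ("203.0.113.7", "GET /index.html HTTP/1.1"),
    ]:
        print(src, line, "->", proxy(src, line, fake_server))
```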

Proxy: extend connections
[Figure: diagram with the labels Firewall, Proxy, External client, Local server, External HTTP/TCP connection and Internal HTTP/TCP connection]

Limitations
Limitations of Firewalls
• Focus on external threats => restrict access from outside.
• What about internal users?
  • Programs can get in via a “mobile” computer and end up on the internal network.
  • Email messages => explode on the internal network.
• Wireless LANs => interconnect a variety of devices (external computers) within the coverage area, which can gain access from a remote host through the firewall.